| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
| |
We don't want to automatically update the copyright year as this
prevents reproducible builds.
Instead, 'make update-copyright-year' has to be executed at the
start of each new year and the changes have to be pushed.
Closes #980
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|\
| |
| |
| |
| | |
improve gnutls-cli-debug testing of old SSL 3.0 servers
See merge request gnutls/gnutls!1221
|
| |
| |
| |
| |
| |
| |
| |
| | |
in SSL 3.0)
See #958
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
|
| |
| |
| |
| |
| |
| | |
See #958
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
servers don't accept them
See #958
Signed-off-by: Daniel Lenski <dlenski@gmail.com>
|
|/
|
|
|
|
|
|
| |
Previously, when gnutls-serv was executed with the --echo option, it
would exit when a message to be echoed was received. Moreover, the
server would output "Memory error" although no error occurred.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
|
|
|
|
|
|
|
| |
Note that there's a small modification to the behavior of the existing
--ocsp-save option: If there is no stapled OCSP response the output
file is still created and will be empty.
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
|
|\
| |
| |
| |
| | |
algorithms: implement X448 key exchange and Ed448 signature scheme
See merge request gnutls/gnutls!984
|
| |
| |
| |
| | |
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|/
|
|
|
|
|
|
| |
When gnutls-cli-debug is run on systems where a particular algorithm
is disabled, ensure that we don't stop the testing; in that case
we ignore the test.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
| |
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
|
|
|
|
| |
Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
|
|
|
|
|
|
|
| |
Fix building gnutls-cli (benchmark part) with GOST keys support being
disabled.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
|
|
|
| |
Support gnutls-cli when building GnuTLS with OCSP and ANON
authentication API disabled.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
|
|
| |
Support gnutls-serv when building GnuTLS with OCSP API disabled.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
| |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
| |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
|
|
|
| |
Use newly added gnutls_hmac_get_key_size() to get key size instead of
assuming that key size = block size (incorrect for GOST 28147 IMIT).
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|\
| |
| |
| |
| | |
certtool: always set extensions from template
See merge request gnutls/gnutls!1130
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously we would only set these extensions specific with add_extension
when generating using --generate-certificate. The change makes sure these
options are considered even when generating an extension from a certificate
request. Issue reported on the mailing list.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\ \
| | |
| | |
| | |
| | | |
Improvements in gnutls-cli --benchmark-tls-kx
See merge request gnutls/gnutls!1128
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It is now printed in a way that separates the tests. Example:
```
(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)
- 179.19 transactions/sec
- avg. handshake time: 5.57 ms
- standard deviation: 0.57
(TLS1.3)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-128-GCM)
- 182.24 transactions/sec
- avg. handshake time: 5.48 ms
- standard deviation: 0.64
```
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This allows micro and nanoseconds to be reported if necessary,
and it changes reporting of sample variance to standard deviation
giving a possibly better overview as it is in the same units as
the average.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\ \ \
| |_|/
|/| |
| | |
| | |
| | |
| | | |
gnutls-serv: do not exit on command failure
Closes #868
See merge request gnutls/gnutls!1129
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If gnutls_reauth() or gnutls_heartbeat_ping() fail, gnutls-serv
would simply quit. This prevents using this tool in a test environment
like tlsfuzzer. Ensure that we don't quit on error.
Resolves: #868
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\ \ \
| |_|/
|/| |
| | |
| | |
| | |
| | | |
_gnutls_verify_crt_status: apply algorithm checks to trusted CAs and other cert improvements
Closes #877
See merge request gnutls/gnutls!1140
|
| |/
| |
| |
| |
| |
| | |
This applies to the --verify and --verify-chain commands.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|/
|
|
|
|
|
| |
Add test for VKO-GOST-12, GOST28147-TC26Z-CNT and GOST28147-TC26Z-IMIT
support by the server.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
|
|
|
|
|
| |
This also includes --enable-local-libopts flag to make dist
to catch future regressions.
Resolves: #867
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
|
| |
The status information not part of the payload data and should be
separate when using --logfile.
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
|
|
|
|
| |
Signed-off-by: Fiona Klute <fiona.klute@gmx.de>
|
|
|
|
|
|
|
|
|
| |
Previously we would omit the CRL distribution points from a non-self
signed CA certificate, even if contained in the template.
Resolves: #765
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|\
| |
| |
| |
| | |
Update CI to F31
See merge request gnutls/gnutls!1113
|
| |
| |
| |
| |
| |
| |
| | |
This fixes compilation in Fedora 30 which ships with this
version of autogen.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|\ \
| |/
|/|
| |
| |
| |
| | |
doc: describe how to make gnutls-cli quiet for pipe usage
Closes #845
See merge request gnutls/gnutls!1108
|
| |
| |
| |
| | |
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
|
|/
|
|
|
|
| |
Move closing TABLE tag after printing information on cipher and MAC.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recent autogen started adding '#include <stdnoreturn.h>' into -args.h
files. However in GnuTLS tools code this results in the following
warnings, because stdnoreturn.h unconditionally redefines 'noreturn' to
_Noreturn:
warning: '_Noreturn' attribute directive ignored
Use __noreturn__ attribute instead as does Gnulib.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
|
|
| |
Print key size range and flags in mechanisms list.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
| |
Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
|
|
|
|
| |
Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
|
|
|
|
|
|
| |
Resolves: #840
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently gnutls-cli-debug code hardodes index of tests, after which it
will check if any known protocols (SSL 3.0/TLS1.[0123]) are supported by
the server. However this number is hardcoded and thus easy to break.
This is exactly what happened after adding %ALLOW_SMALL_RECORDS check.
Two tests were added in front of tests lists without updating this
index.
So let's make this check robust by adding another test which will return
fatal error if no known protocols are supported. While we are at it,
also simplify tests loop by removing internal loop completely and
controlling opening/closing a socket with a flag.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
|
|
|
|
|
|
|
|
| |
This fixes detection in a way to work in builds outside the
source directory.
Resolves: #810
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
|
| |
When asking the questions for CA certificate generation, default
to yes to signing certificates. This is because that's the most
common type of CAs generated and defaulting to yes eliminates
the need for restart on error.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
|
|
|
|
| |
Resolves: #449
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
|
|
|
|
|
|
| |
By default, the gnutls-server --http responds with the connection
information. While this is useful for manual testing, fixed content
would be more desirable for automated testing.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
This adds a new test against the server to check if
%ALLOW_SMALL_RECORDS is required to continue communicating with the
server. The test is in two parts: one to check if the server accepts
records with the default size (512 bytes) and the other is to check if
%ALLOW_SMALL_RECORDS helps if the previuos test fails.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|
|
|
|
|
|
|
| |
This adds a means to set maximum record size to receive. If the size
is less than our default (< 512), --priority with %ALLOW_SMALL_RECORDS
also needs to be specified.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This addresses issue on installed systems which have autogen but
use --enable-local-libopts. In these systems if the installed autogen
would not match the local libopts library version compilation would
fail because the auto-generated files depend on the corresponding to
autogen version libopts internals.
Resolves: #772
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|